Presentation is loading. Please wait.

Presentation is loading. Please wait.

The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January 19, 2001.

Similar presentations

Presentation on theme: "The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January 19, 2001."— Presentation transcript:

1 The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January 19, 2001

2 Overview n The Inevitability of Societal Decisions on Privacy n Clinton Administration Actions n A Look Ahead

3 E-mail attachment as the new metaphor n From mainframe to the e-mail attachment n 1970s and mainframes – Worry about large, centralized databases – Fair Credit Reporting Act, 1970 – Privacy Act of 1974 – First European data protection laws

4 Changes to the 1990s n Everyone has a mainframe -- laptop or desktop n Transfers are free, instantaneous, & global n Usually change symbolized by the web n Better image is the e-mail attachment – Anyone to anyone – Can attach anything to an e-mail – The lived experience of almost all users

5 Inevitability of Societal Decisions about Privacy n The lack of a status quo n Examples: – State public records – Medical records – Financial records – Internet records

6 The Lack of a Status Quo n Old reality: – Relatively few databases – Relatively few rules -- by law or industry n New reality: – Far more databases, with more detail – If few rules, then vastly greater data flows – If try to retain pre-existing privacy balance, then will have many more rules

7 Public Records n Old reality (e.g., 20 years ago) – Legal openness, state open government laws – Practical obscurity -- cost and bother of going to the courthouse for paper records n New reality: – Legal openness, except drivers records – Practical openness, far more intensive use – Bankruptcy and privacy study

8 Medical Records n What has changed: – Mostly paper to mostly electronic – Records held by large providers and plans, and used for many management purposes n Societal response: – HHS medical privacy regulations

9 Financial Records n What has changed: – Level of detail -- from credit history to transactional history – Industry convergence n Societal response – FCRA – Financial Modernization law 1999 – Clinton Administration pushed for more

10 Internet Privacy n Old reality? – None. n Inevitability of societal decisions – Web sites – Online profiling – GUIDs – Etc. -- IPv6, links to offline, and so on

11 What are Societal Decisions? n Technology -- engineers in the company or standards organizations n Markets -- company decisions and contracts with business partners n Self-regulation n Governmental rules n Transborder rules -- Safe Harbor

12 Conclusion on societal decisions n No status quo: cant return to few databases and few rules n Number and velocity of privacy issues increasing rapidly n E-mail attachments: solutions must be robust in a world of anyone-to-anyone transfers

13 II. Clinton Administration Privacy Policy n Support self-regulation generally – Applaud self-regulatory efforts n Sensitive categories deserve legal protection – Medical & Genetic – Financial & ID Theft – Childrens Online n Government should lead by example

14 Internet Privacy n Quantity of policies – 15% to 66% to 88% from 1998 to 2000 n Quality of policies – Seek fair information practices n Major legislative push this year

15 Safe Harbor n Now approved by E.U. n Self-regulation as a core achievement n Lawful basis for trans-Atlantic data flows n Streamlined registration n Up for review in summer, 2001 n Financial services not yet addressed

16 Medical Records Privacy n HIPAA 1996 called for legislation by 8/99 n President announced proposed regs 10/99 n Over 53,000 submissions of comments n Final rules announced December, 2000 n Take effect early 2003

17 Genetic Discrimination n February 8 Executive Order – Prohibits federal agencies from using genetic information in hiring or promotion n Call for legislation – Daschle/Slaughter bills – Extend protections to private sector – Apply to purchase of health insurance

18 Childrens Online Privacy n Childrens Online Privacy Protection Act of 1998 n FTC rules took effect 4/2000 n Key is verifiable parental consent

19 Financial Privacy n Financial Modernization Act – Notice for 3d parties and affiliates – Opt out choice for 3d parties only – Significant enforcement provisions

20 Federal Databases n Privacy Act in place since 1974 n Now, all agencies have privacy policies at their major web sites n Summer 2000 -- presumption against the use of cookies at federal web sites n Other OMB actions

21 III. LookingAhead n Bipartisan interest in privacy protections n Republican focus especially on misuse in the government sector n Democrats more likely to favor regulation of the private sector n Growing realization, though, that data flows between the sectors

22 The Bush Administration n Campaign statements similar to Clinton Administration approach: – Focus on sensitive medical and financial – Encourage self-regulation – But, comments by Bush himself suggested more activist

23 Which U.S. Institutions will Lead? n OMB -- traditional role for government databases n Larry Lindsay -- possible policy lead n FTC -- independent agency has called for Internet legislation n Hard to imagine a new federal privacy agency in medium term

24 Conclusion n U.S. has taken significant legal steps toward protecting most sensitive information n Ongoing debate of whether to expand to the Internet, or even off-line n Unclear what institutions would regulate in the area n Likely significant change within 5-10 years

Download ppt "The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January 19, 2001."

Similar presentations

Ads by Google